Skip to content

Commit 460e74e

Browse files
AuthorReflexAuthorReflex
committed
firewall3: set xtables.options to NULL before first extension is loaded
Due to fix for memleak in option merging in new version, set xtables.options to NULL before first extension is loaded as in main iptables tree [1] [1] https://git.netfilter.org/iptables/commit/?id=933e605154c439218f73f48b028abbeed336c3c5 Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
1 parent 1aef979 commit 460e74e

2 files changed

Lines changed: 13 additions & 11 deletions

File tree

iptables.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1694,7 +1694,7 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
16941694
va_end(ap);
16951695

16961696
g = (r->h->family == FW3_FAMILY_V6) ? &xtg6 : &xtg;
1697-
g->opts = g->orig_opts;
1697+
//g->opts = g->orig_opts;
16981698

16991699
optind = 0;
17001700
opterr = 0;
@@ -1709,8 +1709,8 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
17091709

17101710
set_rule_tag(r);
17111711

1712-
while ((optc = getopt_long(r->argc, r->argv, "-:m:j:i:o:s:d:", g->opts,
1713-
NULL)) != -1)
1712+
while ((optc = getopt_long(r->argc, r->argv, "-:m:j:i:o:s:d:",
1713+
g->opts ?: g->orig_opts, NULL)) != -1)
17141714
{
17151715
switch (optc)
17161716
{

xtables-10.h

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -70,14 +70,14 @@ fw3_xt_merge_match_options(struct xtables_globals *g, struct xtables_match *m)
7070
{
7171
if (m->x6_options)
7272
g->opts = xtables_options_xfrm(g->orig_opts, g->opts,
73-
m->x6_options, &m->option_offset);
74-
75-
if (m->extra_opts)
73+
m->x6_options, &m->option_offset);
74+
else if (m->extra_opts)
7675
g->opts = xtables_merge_options(g->orig_opts, g->opts,
77-
m->extra_opts, &m->option_offset);
76+
m->extra_opts, &m->option_offset);
77+
else
78+
return;
7879
}
7980

80-
8181
static inline const char *
8282
fw3_xt_get_target_name(struct xtables_target *t)
8383
{
@@ -115,10 +115,12 @@ fw3_xt_merge_target_options(struct xtables_globals *g, struct xtables_target *t)
115115
{
116116
if (t->x6_options)
117117
g->opts = xtables_options_xfrm(g->orig_opts, g->opts,
118-
t->x6_options, &t->option_offset);
119-
else
118+
t->x6_options, &t->option_offset);
119+
else if (t->extra_opts)
120120
g->opts = xtables_merge_options(g->orig_opts, g->opts,
121-
t->extra_opts, &t->option_offset);
121+
t->extra_opts, &t->option_offset);
122+
else
123+
return;
122124
}
123125

124126
static inline void

0 commit comments

Comments
 (0)